John A. Wright, CEO WIPFLI Client Appreciation June 8, 2017


1 Cyber Risk Management and Risk Transfer Issues
Issues and Challenges for Companies managing Cyber Exposures
John A. Wright, CEO
WIPFLI Client Appreciation, June 8, 2017

2 Discussion Outline
- Understanding the scope of the problem
- What are the first steps?
  - Understanding and evaluating your exposures
  - Establish a Crisis plan
  - Planning for Risk Mitigation
- Cyber Insurance
  - Areas of insurance to be aware of and explore
- Prevention strategies

3 Uncomfortable Truths of Cyber Risk*
- Technology Solutions alone can never keep pace with dynamic cyber threats
- Defense is harder to play than Offense
  - They only have to win once to cause damage
  - True for all threat management
- Attackers have patience and latency on their side

*Source: Harvard Business Review, May 16, 2017, “The Best Cybersecurity Investment You Can Make Is Better Training” by Dante Disparte and Chris Furlow

4 Prophetic Words

5 Data Records Lost or Stolen Statistics*
- Daily – 4,428,790 records breached
- 4% of Breaches were “Secure Breaches”
  - Encryption was used
  - Stolen Data rendered useless

Symantec Threat Report – 2016

Breaches of Firms by Employee Size
- 43% of breaches: employees
- 22% of breaches: employees
- 35% of breaches: employees

6 Evaluation of Exposures
- What types of information do you maintain internally/externally?
- What contractual commitments has your company committed to on behalf of others?
  - Open end assumption of IP in the event of cyber breaches that your company, employees, independent contractors, subs. are responsible for
  - Limitation of Damages
  - Duty to notify their constituents
- What contracts do you have with “data storage providers” such as cloud services?
  - What protections do they provide via indemnity, hold harmless agreements, insurance protection, etc.?
  - Are there limitations of damages in their contracts?

7 Methods for determining Financial Exposures to Loss
- Number of Records requiring statutory notification
  - Not just customers but unique data records
- Contractual Obligations
- Number of Employee records
- Archived Data Information
- Credit Card transactions
- Calculators online
- Basic guidelines:
  - Small to Mid-size companies: $65 per record to calculate transferable risk exposure
  - Average Cyber Breach Loss: $2,100,000

8 Types of Information held Counts
- Assume 10,000 records breached
- Net Diligence Mini Data Breach Cost Calculator
- No Class Action Lawsuits assumed
- PCI records: $380,750 ($38 cost per record)
- PII and PHI records: $2,257,250 ($226 cost per record)
- Differential is mostly Regulatory Fines and Penalties

9 Plan Ahead Before a Breach Happens – Just scratching the surface
- Identify your Exposures and Quantify
- Establish Policies and Procedures for Data Security
- Establish a Crisis Response protocol and team - Who is in charge?
- Train All Employees on basics
  - Password protocols
  - Financial transfer procedures
  - Understanding consequences of opening attachments
  - Dual authentication of information
  - Understanding what is a reportable Breach and what to do in the event it occurs
  - BYOD policies and safeguards
  - File Discipline and Storage

10 Cyber Risk Insurance
- Very little coverage for Data Breach events in your insurance programs without Cyber Risk Coverage.
  - There is no intent to cover this under standard policies of General Liability, Commercial Crime, and D&O coverage
- Approximately 80 different underwriters offer various types of cyber insurance
- No policy form is the same!
- Rapidly evolving terms and conditions

11 Cyber Liability Defined
Insurance coverage specifically designed to protect a business or organization from:
- Liability claims involving the unauthorized release of information for which the organization has a legal obligation to keep private or confidential
- Liability claims alleging invasion of privacy and/or copyright/trademark violations in a digital, online or social media environment
- Liability claims alleging failures of computer security that result in deletion/alteration of data, transmission of malicious code, denial of service, etc.
- Defense costs in State or Federal regulatory proceedings that involve violations of privacy law
- The provision of expert resources and monetary reimbursement to the Insured for the out-of-pocket (1st Party) expenses associated with the appropriate handling of the types of incidents listed above

12 Coverage Components
- Privacy Liability Coverage
- Privacy Regulatory Claims Coverage
- Security Breach Response Coverage
- Security Liability
- Multimedia Liability
- Cyber Extortion
- Business income and Digital Asset Restoration
- PCI-DSS Assessments
- Cyber Deception coverage

13 Some Issues to be aware of!
- What is the definition of Cyber Breach?
  - Hacking event?
  - Data that is sent mistakenly to an unauthorized party?
  - Dumpster Diving?
- Are there policy warranties – Conditions that void coverage if not in place?
  - Encryption
  - Prohibited use of memory sticks
  - Personal devices

14 Some Issues to be aware of!
- Who are the Crisis Response teams for Breach response and Forensics?
  - What services do they provide pre-breach?
  - Can you choose your own?
  - Can you access them 24 hours?
- What are your deductibles?
  - Per breach event?
  - Deductible per coverage section
  - Is there a percentage deductible?

15 Some Issues to be aware of!
- Are coverage limits aggregated or separate?
- Is there a # of records limit versus monetary value?
- Is there coverage for Contractually assumed exposures?
- What are the claims triggers by coverage?
  - Claims made and reported?
  - Claims made?
  - Extended reporting periods?
- What is the duty to notify?
- What type of notification is covered?
  - Statutory or Voluntary

16 Prevention Strategies
- Patch applications and operating systems
- “Whitelist” applications
- Restrict administrative privileges
- Segment and separate networks – restrict host to host communications paths
- Validate inputs
- Tune file reputation systems
- Maintain firewalls

Source: Joint analysis report, Dept. of Homeland Security and the FBI

17 Conclusion
- The game has changed regarding protection of confidential data held by you
- Statutory oversights have increased
- Enterprise risk management by cloud service providers and payment processors has limited the potential to recover from them or be protected by them
- Internal policies, focus and external risk transfer can provide a safety net to protect your balance sheet if prepared
- If not, watch out!!

